leapcat

SUSPICIOUS. The skill’s trading capabilities align with its stated purpose, but it enables autonomous financial transactions and relies on a runtime-downloaded CLI whose public provenance is only partially verified from the provided evidence. No direct credential theft or deceptive exfiltration is shown, so this is not confirmed malware, but it is a high-impact skill that should require strict user approval per action.

SUSPICIOUS: the stated purpose matches the capabilities, but the skill is high-risk because it enables real financial transactions through an npx-installed CLI that handles authentication and possibly trade passwords. The main concern is not clear malware, but disproportionate trust in third-party package code for high-impact account actions without explicit per-action approval controls.

SUSPICIOUS: The skill's capabilities broadly match its stated brokerage purpose, but it grants an AI agent high-risk financial and identity actions (trading, withdrawals, IPO subscriptions, KYC). The pinned npm CLI reduces supply-chain drift, yet external code execution and local token storage still create meaningful risk; the main concern is autonomous real-world impact rather than clear evidence of malware.

The skill is purpose-aligned for Leapcat wallet operations, but it carries meaningful risk because it allows autonomous financial actions and routes authentication/session handling through an external CLI package. With no verified ownership evidence for the npm package and no explicit user-approval safeguard for withdrawals, this is best classified as suspicious/high-risk rather than clearly malicious.

SUSPICIOUS: the skill’s purpose matches KYC operations, but it asks the agent to execute a remotely fetched CLI, authenticate through it, and upload highly sensitive identity documents and PII without clear provenance or direct endpoint transparency. This is proportionate to KYC in function, yet medium-high risk in trust and data handling.